diff options
author | lofi <lofi@FreeBSD.org> | 2007-03-07 02:14:43 +0800 |
---|---|---|
committer | lofi <lofi@FreeBSD.org> | 2007-03-07 02:14:43 +0800 |
commit | 804ae3911f0681d5491eca69f2c88a1a2785e1f9 (patch) | |
tree | 4e11c85b8e5545e455fc52f6859ca8145ac68a4b /security/gpgme | |
parent | 5441ab8c666daef8f5096a01d54b191f1caf944c (diff) | |
download | freebsd-ports-gnome-804ae3911f0681d5491eca69f2c88a1a2785e1f9.tar.gz freebsd-ports-gnome-804ae3911f0681d5491eca69f2c88a1a2785e1f9.tar.zst freebsd-ports-gnome-804ae3911f0681d5491eca69f2c88a1a2785e1f9.zip |
Patch for "Multiple Messages Problem in GnuPG and GPGME"
Security: http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
Diffstat (limited to 'security/gpgme')
-rw-r--r-- | security/gpgme/Makefile | 2 | ||||
-rw-r--r-- | security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch | 65 |
2 files changed, 66 insertions, 1 deletions
diff --git a/security/gpgme/Makefile b/security/gpgme/Makefile index ff96c7947f69..6f674bf4c478 100644 --- a/security/gpgme/Makefile +++ b/security/gpgme/Makefile @@ -7,7 +7,7 @@ PORTNAME= gpgme PORTVERSION= 1.1.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GNUPG} MASTER_SITE_SUBDIR= gpgme diff --git a/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch b/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch new file mode 100644 index 000000000000..b1792efc0c34 --- /dev/null +++ b/security/gpgme/files/patch-gpgme-1.1.3-multiple-message.patch @@ -0,0 +1,65 @@ +Index: gpgme/verify.c +=================================================================== +--- gpgme/verify.c (revision 1208) ++++ gpgme/verify.c (working copy) +@@ -40,6 +40,7 @@ + gpgme_signature_t current_sig; + int did_prepare_new_sig; + int only_newsig_seen; ++ int plaintext_seen; + } *op_data_t; + + +@@ -549,8 +550,11 @@ + } + + ++/* Parse an error status line and if SET_STATUS is true update the ++ result status as appropriate. With SET_STATUS being false, only ++ check for an error. */ + static gpgme_error_t +-parse_error (gpgme_signature_t sig, char *args) ++parse_error (gpgme_signature_t sig, char *args, int set_status) + { + gpgme_error_t err; + char *where = strchr (args, ' '); +@@ -572,7 +576,16 @@ + + err = _gpgme_map_gnupg_error (which); + +- if (!strcmp (where, "verify.findkey")) ++ if (!strcmp (where, "proc_pkt.plaintext") ++ && gpg_err_code (err) == GPG_ERR_BAD_DATA) ++ { ++ /* This indicates a double plaintext. The only solid way to ++ handle this is by failing the oepration. */ ++ return gpg_error (GPG_ERR_BAD_DATA); ++ } ++ else if (!set_status) ++ ; ++ else if (!strcmp (where, "verify.findkey")) + sig->status = err; + else if (!strcmp (where, "verify.keyusage") + && gpg_err_code (err) == GPG_ERR_WRONG_KEY_USAGE) +@@ -670,9 +683,9 @@ + + case GPGME_STATUS_ERROR: + opd->only_newsig_seen = 0; +- /* The error status is informational, so we don't return an +- error code if we are not ready to process this status. */ +- return sig ? parse_error (sig, args) : 0; ++ /* Some error stati are informational, so we don't return an ++ error code if we are not ready to process this status. */ ++ return parse_error (sig, args, !!sig ); + + case GPGME_STATUS_EOF: + if (sig && !opd->did_prepare_new_sig) +@@ -703,6 +716,8 @@ + break; + + case GPGME_STATUS_PLAINTEXT: ++ if (++opd->plaintext_seen > 1) ++ return gpg_error (GPG_ERR_BAD_DATA); + err = _gpgme_parse_plaintext (args, &opd->result.file_name); + if (err) + return err; |